Exchange for Change (NSW) Pty Ltd (ACN 620 512 469) and Exchange for Change (ACT) Pty Ltd (ACN 625 238 799) and their respective related bodies corporate (we, our, us, Exchange for Change) is collectively the scheme coordinator under the Waste Avoidance and Resource Recovery Act 2001 (NSW) and the Waste Avoidance and Resource Recovery Act 2016 (ACT).

We may cpersonal infomation and may share personal information with the State of NSW and the Australian Capital Territory, as explained in this privacy collection notice.

When we share your personal information with the State of NSW and the Australian Capital Territory, the State of NSW and the Australian Capital Territory (as applicable) will collect your personal information. We understand the importance of being open and transparent with you in the way in which we collect, store, use and share your personal information. We take protecting your privacy rights very seriously.

Our privacy collection notice explains how we handle the personal information you have provided to us. We strongly encourage you to read this privacy collection notice before you register your organisation as a supplier or exporter under the relevant Container Deposit Scheme, so that you understand and are comfortable with how we handle your personal information.

Exchange for Change Privacy Policy

Version 3, last updated 1 August 2025

1. Our commitment

We are committed to respecting your privacy in accordance with the Privacy Laws. This Policy sets out how we collect, use, store and disclose your personal information.

2. Definitions

In this Policy, the following words/phrases/abbreviations have the following meanings:

“APPs”	means the Australian Privacy Principles set out in the Privacy Act.
“OAIC”	means Office of the Australian Information Commissioner, the Australian privacy regulator.
“personal information”	is defined in the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information.
“Privacy Act”	means the Privacy Act 1988 (Cth).
“Privacy Laws”	together means: - the Privacy Act and APPs; - the Information Privacy Act 2014 (ACT) and the ACT Territory Privacy Principles (“TPPs”); and - Privacy and Personal Information Protection Act 1988 (NSW).
“us”, “we” or “our”	means: - Exchange for Change (NSW) Pty Ltd (ACN 620 512 469) (Scheme Coordinator for the NSW Container Deposit Scheme); and - Exchange for Change (ACT) Pty Ltd (ACN 625 238 799) (Scheme Coordinator for the ACT Container Deposit Scheme), (together, the “NSW / ACT Container Deposit Schemes”), and their respective related bodies corporate.
“Websites”	means exchangeforchange.com.au, actcds.org.au and returnandearn.org.au.

3. Your acknowledgement

By providing personal information to us, you understand that we will collect, use and disclose your personal information in accordance with this Policy and any other arrangements that apply between us. We may change this Policy from time to time by publishing changes to it on our website. We encourage you to check our website to ensure that you are aware of our current Privacy Policy. Other privacy related notices and terms and conditions may apply to you such as privacy collection notices or privacy statements which may be provided to you at the time your personal information is collected by us.

4. Privacy legislation

Exchange for Change is subject to, and handles personal information in accordance with, the Privacy Act and the APPs. In addition, Exchange for Change has contractual obligations under its respective contractual agreements with the ACT and NSW Government, which in certain circumstances requires it to comply with certain aspects of the Privacy Laws.

5. What personal information do we collect?

You may interact with us in a variety of different ways and the types of personal information that we collect about you will depend on the type of dealings you have with us.

Generally speaking, the types of personal information that we may collect are set out in the Schedule to this Policy.

We endeavour to collect your information directly from you. However, in some circumstances, where authorised by you, we may collect your information from third parties, such as your employer or contracting organisations, a service provider or from a publicly available record.

In addition, if you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) and from any recruitment consultant involved, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

In some cases, you may provide us with personal information which relates to another person (for example, an emergency contact, a job referee, a colleague/employee). If you do so, you agree that you have received permission from these individuals for us to collect, use, and share, their personal information in accordance with this Policy. You should also let them know about our Privacy Policy (including the information in this Policy).

The applicable privacy legislation to which we are subject (see Section 4 above) contain certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of the relevant exemptions.

6. Can you deal with us without providing your personal information?

You are under no obligation to provide your personal information to us. We will provide individuals with the option of not identifying themselves, if it is lawful and practicable to do so. For example, you can access our Websites, make general phone queries or email us without having to identify yourself.

However, without certain information from you, we may not be able to provide you with our full scope of services or information that is tailored to you, and we may generally be limited in how we can interact with you. For example, if you do not provide your personal information as part of the recruitment process, we will be unable to progress your application for employment with us

7. Why do we collect, use and disclose personal information?

We collect personal information that is necessary to provide you with our services, and to carry out our business.

We do not use your personal information to carry out automated decision-making relating to you.`

We may use your personal information for purposes which are incidental to provision of our services or for other purposes which are within your reasonable expectation or permitted by law.

The purpose for which we usually collect, store, and use your personal information depends on how you interact with us (for example, whether you are a beverage supplier registered with the NSW and/or ACT Container Deposit Scheme, or an individual consumer), but may include the following purposes:

primarily to fulfil our functions and responsibilities as the scheme coordinator under the Waste Avoidance and Resource Recovery Act 2001 (NSW) and the Waste Avoidance and Resource Recovery Act 2016 (ACT) respectively and to comply with our other legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;
to facilitate your participation in the NSW / ACT Container Deposit Scheme including allowing you to supply, collect, deposit, receive payment for containers as part of the NSW / ACT Container Deposit Scheme as a beverage supplier, beverage exporter, material recovery facility operator, or network operator;
administer and manage your registration or account with the NSW / ACT Container Deposit Scheme as a beverage supplier or exporter, material recovery facility operator, or consumer;
to manage fees and administer billing (including administration of NSW / ACT Container Deposit Scheme payments and other third-party payment arrangements) and debt recovery;
to enable you to access and use, and for us to monitor your use of, our Websites and services;
to investigate any unauthorised or unacceptable use of the Websites or any content on the Websites;
to obtain feedback and to reply to feedback as well as to conduct research and surveys;
to operate, protect, improve and optimise our Websites, business and our users’ experience, such as to perform analytics, conduct research, complete reporting and for advertising and marketing;
to create de-identified or aggregate data for data analytics, reporting and/or reporting purposes;
anyone to whom our assets or businesses (or any part of them) are transferred; 
specific third parties authorised by you to receive information held by us; 
to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
if you subscribe to an online mailing list, to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
to manage your relationship with us and to do business with you on a commercial basis (including when you are a contractor, service provider or supplier to us);
to test, train and maintain information technology systems (including artificial intelligence tools);
to test, train, improve and develop our technology systems, products and services, including through the use of artificial intelligence tools;
to investigate any incidents that may occur (both in relation to cyber security, as well as any health and safety incidents that occur at our premises);
to handle and respond to any complaints made;
to consider your employment application and manage your working relationship with us; or
to investigate any fraudulent conduct or suspected fraudulent in connection with the scheme.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

We do not use or disclose your personal information to any person or organisation unless it is directly related to or reasonably necessary for, one of the purposes described above.

8. Do we use your personal information for direct marketing?

We may use and share your personal information to communicate with you for direct marketing purposes through various channels, such as via regular mail, email, SMS, telephone, push notifications or social media (including through targeted advertisements on certain websites, mobile applications and social media channels). We undertake direct marketing, to run promotions and competitions and share updates about our services as well as carefully curated news.

We will only send these communications in accordance with applicable privacy and marketing laws (such as the Privacy Act (including APP 7) and the Spam Act 2003 (Cth)), and only where you have not opted out from receiving such communications from us.

You may opt-out of receiving marketing materials as explained in Section 9 below.

9. How can you opt out?

You are always in control of the direct marketing communications which you receive and can opt-out at any time. Generally, you can opt out by following the relevant opt-out or unsubscribe instructions in the relevant communication (such as email or SMS message).
‍
You can also contact us using the details set out below to tell us you would like to stop receiving direct marketing communications from us.

Importantly, regardless of whether you opt out from receiving any or all direct marketing communications, we will still communicate with you if we are required by law to provide you with information, or in relation to transactional or purely factual messages.

You can also visit Your Online, which is a website which allows you to do a blanket opt out for the organisations who have signed up to Your Online Choices in respect of targeted advertising based on your browsing history.

10. With whom do we share your personal information?

We may share your personal information with third parties:

for the purposes described in this Policy,
for other purposes explained at the time we collect your personal information; and/or
where we have otherwise received your consent, or the disclosure is required or authorised by law.

Some of the parties we may share your information with include the following:

our employees;
our related bodies corporate;
the New South Wales and ACT governments;
our scheme partners, including the New South Wales Environment Protection Authority and Tomra Cleanaway, ACT NoWaste, Transport Canberra and City Services, and Return It (Canberra);
Scheme Coordinators in other jurisdictions in Australia with Corresponding Law as defined in the Waste Avoidance and Resource Recovery Act 2001 (NSW) to facilitate national harmonisation activities;
third-party suppliers and service providers we use for our Websites, mobile applications and/or our business in connection with providing our products and services to you. These may include IT service providers and third-party storage providers, marketing and communications agencies and data analysis organisations;
professional advisers, dealers and agents;
consultants and contractors;
payment systems operators (eg merchants receiving card payments);
our existing or potential agents, business partners or partners;
anyone to whom our assets or businesses (or any part of them) are transferred;
specific third parties authorised by you to receive information held by us;
your nominated job referees, to validate details you have provided us with including your resume, qualifications, experience, training or abilities;
other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law; and/or
other persons, as necessary to facilitate our dealings with you.

11. Do we share your personal information overseas?

We generally collect your personal information in Australia. However, it is likely that we will share your personal information outside the state or territory you are in or outside Australia, to overseas recipients located in Germany, Ireland, Japan, the Netherlands, Pakistan and the United States of America. These recipients include our service providers who may handle, process or store your personal information on our behalf.

For example, we may share your personal information with service providers who assist us with storing our data on secure data storage servers, or with providing and improving our products and services (including our service providers: Adobe, AVEC Global, DocuSign, Dropbox, EFEX, Employment Hero, LinkedIn, Microsoft, Oracle and Seek).

There are other circumstances where we may disclose your personal information to an overseas recipient. For example, where we are otherwise permitted to do so under other relevant laws.

We only ever share your personal information outside of the state or territory you are in or Australia where we are permitted to do so under the applicable Privacy Laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable Privacy Laws.

12. Using our website, cookies, pixels and other online tracking technologies

We may collect statistical information when you access and use our Websites and any online platforms and applications made available by us, by utilising features and technologies of your internet browser, including cookies and tracking pixels. We use these tracking technologies for a variety of purposes, including to:

collect data about our website traffic;
analyse how our Websites are being used;
remember your preferences;
improve our Websites; and
provide more user friendly Websites and online services.

This information does not identify you personally unless you otherwise provide personal information to us that enables identification. As such, information collected through these tracking technologies (including information about your use of our Websites, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer) may be personal information.

Cookies

Cookies are small files that store information on your computer, TV, mobile phone or other devices. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Policy.

Tracking pixels

A tracking pixel is a piece of code that a business or third-party provider can place on its website or in email to collect information about a users’ activity, including the site pages they visit, time spent on each page, IP address, and/or form inputs (as relevant). When users visit pages with pixels, the pixel “loads” and send the information it is designed to collect back to the server of e.g. in the case of third-party pixels this would be to the third-party service provider.

Opting out

You can disable cookies through your internet browser but our Websites may not work as intended for you if you do so. To change your web browser preferences, please visit the relevant preferences or settings page on your browser and amend the privacy settings in relation to cookies and site data. It may be necessary for you to opt out separately from each device and browser that you use to access online content.

Provider	Description
Meta Platforms Inc	If you use Facebook, Instagram, Threads or any other platforms or networks owned or used by Meta, you can generally adjust your ‘ad preferences’ in the account settings of the respective platform that you access and see ads in.
Alphabet Inc	If you use YouTube, Google or any other platforms owned by Alphabet, you can manage how tracking technologies are used by checking your browser or account settings and adjusting your ‘privacy & safety’ and ‘search personalisation’ settings.

When you opt out of receiving targeted ads, this information is usually saved on a cookie. This means that if you clear your cookies, you will have to opt out again.

13. Links to other websites

Our Websites may contain links to websites or mobile applications (such as the Return and Earn App) operated by third parties, including our partners, associates or independent third parties. Those links and mobile applications are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites or mobile applications, and have no control over or rights in those linked websites. The privacy policies and relevant privacy collection notices that apply to those other websites and mobile applications may differ substantially from our Policy and collection notices, so we encourage you to read them before using those websites.

14. Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information in the following ways:

In addition to opting out of cookies via your browser, you can opt out of the following third-party analytical tools we use via the instructions available at the links below:

Form	Explanation
Paper-based files	We store paper-based files of personal information in secure storage. Personal information may be collected in paper-based form and then converted to electronic form for use or storage. We maintain physical security measures to ensure that personal information in paper-based files is protected, such as by way of physical locks and security systems at our premises.
Electronic records	We store electronic records in secure databases, using trusted third party service providers. We also maintain physical security measures in relation to the storage of our electronic records (such as through locks and security systems at our electronic data stores). We also use encryption technologies, and deploy anti-malware and anti-virus software to protect electronic records. However, we cannot guarantee the security of your personal information transmitted over the internet, as online data transmission is not totally secure, given the prevalence of interception or hacking of data by unauthorised third parties.
Our Websites and Apps	Our Websites and Apps use encryption or other technologies to ensure that your personal information is securely transmitted online. We encourage you to exercise care when sending your personal information via the internet.

15. Accessing or correcting your personal information

You are entitled to request access to any of your personal information held by us and you can access the personal information we hold about you by contacting us using the information below. We may need to verify your identity when you request your personal information.

We will take reasonable steps to ensure the personal information we collect, use or disclose is accurate having regard to the purpose of use and disclosure. If you think that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us and we will take reasonable steps to ensure that it is corrected.

We will respond to your requests for access and/or correction within 30 days. We may decline your request to access or correct your personal information in certain circumstances in accordance with applicable privacy laws, however if we do so, we will provide you with written reasons for the refusal and details of complaint mechanisms.

If you are dissatisfied with our refusal to grant you access to, or correct your, personal information, you can complain to us using the contact details set out below.

We can only correct and/or provide you with access to information that we hold. If you want to correct and/or access information held about you by other parties such as the NSW or ACT governments, you are entitled to do so and should direct your request to them.

16. Making a complaint

If you wish to make a complaint about the way we have handled your personal information, you can contact us using the details provided below. Please include your name, email address and/or telephone number and clearly describe your complaint.

If you make a complaint about privacy, the following will occur:

No.	Steps
1.	We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally acknowledge your complaint within a week. We may notify the ACT and NSW governments of your complaint; however, we will not disclose personal information in connection with the complaint unless we have your consent to do so. Following this notification, the ACT or NSW government may take responsibility for progressing and resolving your complaint in accordance with their complaints handling process instead of the process set out in this Policy. If not, we will respond to your complaint in accordance with the process set out here.
2.	If your complaint requires more detailed consideration or investigation: - we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and - we may ask you to provide further information about your complaint and the outcome you are seeking. If your initial complaint was not written, we may ask you to submit your complaint in writing.
3.	We will then typically gather relevant facts, locate and review relevant documents and speak with any individuals involved.
4.	In most cases, we will respond to your complaint within 30 days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know, and tell you when we expect to provide our response.

If you think that we have failed to resolve the complaint satisfactorily, or consider that we may have breached the relevant Privacy Laws, you are entitled to make a complaint to the OAIC.

The OIAC can be contacted by telephone on 1300 363 992, or you can fill out its online privacy complaint form to make a complaint about our handling of your personal information. Full contact details for the Office of the Australian Information Commissioner and details of its complaints procedure can be found online at www.oaic.gov.au.

17. Publication and Communication 

This Policy is published on our Intranet and Websites (including www.exchangeforchange.com.au, actcds.org.au and www.returnandearn.com.au).

18. Contacting us

For further information about our Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Customer Service
Exchange for Change
PO Box 3414, Rhodes NSW 2138
Phone:  1800 813 887
E:mail:  [email protected]

Types of personal information	What this includes	How do we collect this information?
Personal and contact details	This may include your: - full name; - date of birth; - mailing or street addresses; - email address; - telephone number and other contact details; and/or - signature.	We may collect this information: - directly from you when you communicate with us through correspondence, chats, email, and/or in person; - when you register to use our online services; - when you register your participation or create an account with the NSW / ACT Container Deposit Scheme as a beverage supplier, exporter, or consumer; - if you are a material recovery facility operator and complete monthly reporting or submit a refund claim via our portal on the exchangeforchange.com.au website; - when you share information with us from other social applications or websites; - if you apply for a position with us; - when you subscribe to mailing lists on any of our websites; and - when you communicate with us during competitions, special events and promotions.
Copies of photo identity documents	This may include copies of: - your driver’s licence; - your passport; and/or - other similar identity information. We may also obtain ASIC register extracts containing: - names and addresses of past and present directors and company secretaries; and - names and shareholdings of past and present shareholders.	We may collect this information directly from you to verify your identity if you are a representative of a beverage supplier. In addition, we may undertake ASIC searches to confirm entity details, which may include personal information of directors and shareholders.
Financial details	This may include your: - bank account details; and/or - credit card information.	We may collect this information when you: - register or create an account with the NSW / ACT Container Deposit Scheme as a beverage supplier, exporter, or recovery operator; or - provide payment information to us as an employee or contractor.
‘Return and Earn’ mobile application user information	This may include your: - name, email address, phone number; - PayPal or bank details; - location and/or return location; - unique barcode identifier linked to your account; - information about returns you made; and/or - other information input or generated through use of the Return and Earn App.	We collect this information indirectly from Tomra Cleanaway Pty Limited for research and reporting purposes relating to the Container Deposit Schemes.
Employee and workplace information (including surveillance)	This may include: - employment history, qualifications and certifications; - TFN and superannuation details; - eligibility to work and referee details; - disciplinary, incident and leave records; - health or medical information (sensitive information); - Centrelink details; - system and device usage information; and/or - recruitment and employment records.	We may collect this information: - directly from you during recruitment or employment; - from third-party recruiters, referees, education or registration authorities, Centrelink, or medical professionals; and/or - through work-issued systems and devices.
Background check information	This may include: - national police check results; - visa and integrity checks; - character or reference checks; and - verification of employment or qualifications.	Collected directly during recruitment or employment, or from third parties such as verification providers, referees, employers, registration authorities, or publicly available information (e.g. court decisions).
Other information collected during interactions	This may include: - enquiry or complaint details; - service or transaction records; - additional information provided via our websites, apps or social media; and - any personal information needed to facilitate dealings with us.	Collected when you contact us by phone, email, or in person; use our online services or portals; participate in surveys, promotions or events; or engage with our websites, apps or advertising.
Online and digital services information (including behavioural information)	We may collect: - device, browser, and connection data; - browsing and session information; - geo-location data; - online form inputs (e.g., name, email); and - data from cookies, pixels or tracking technologies. See “Using our website, cookies and other tracking technologies” for details.	Collected via our websites (exchangeforchange.com.au, returnandearn.org.au, actcds.org.au), social media, cookies, and online tracking tools.
Company and position information	This may include: - company ABN/ACN and director details; - ASIC search results; and/or - employee, contractor or supplier information.	Collected during supplier onboarding or from publicly available sources (e.g., ASIC).
Call and video/online conferencing recording information	This may include: - voice recordings, call details, and participant information. We will notify you before recording any calls.	Collected when calls or video meetings are monitored or recorded. We will inform you if a recording is being made.
Camera surveillance	We may collect camera surveillance information including photographs or video recordings of people attending our offices.	Collected via CCTV at our premises for safety and security purposes when you attend our offices.
Unsolicited information	Unsolicited personal information is information we receive that we have taken no active steps to collect.	Collected directly from you. We may retain it if permitted under Privacy Laws; otherwise, we will destroy or de-identify it when lawful and reasonable to do so.